An Efficient Certificateless Encryption for Secure Data Sharing in Public Cloud
ABSTRACT:
We propose a mediated certificateless encryption scheme without pairing
operations for securely sharing sensitive information in public clouds. Mediated
certificateless public key encryption (mCL-PKE) solves the key escrow problem in
identity based encryption and certificate revocation problem in public key
cryptography. However, existing mCL-PKE schemes are either inefficient because
of the use of expensive pairing operations or vulnerable against partial decryption
attacks. In order to address the performance and security issues, in this paper, we
first propose an mCL-PKE scheme without using pairing operations. We apply our
mCL-PKE scheme to construct a practical solution to the problem of sharing
sensitive information in public clouds. The cloud is employed as a secure storage
as well as a key generation center. In our system, the data owner encrypts the
sensitive data using the cloud generated users’ public keys based on its access
control policies and uploads the encrypted data to the cloud. Upon successful
authorization, the cloud partially decrypts the encrypted data for the users. The
users subsequently fully decrypt the partially decrypted data using their private
keys. The confidentiality of the content and the keys is preserved with respect to
the cloud, because the cloud cannot fully decrypt the information. We also propose
an extension to the above approach to improve the efficiency of encryption at the
data owner. We implement our mCL-PKE scheme and the overall cloud based
system, and evaluate their security and performance. Our results show that our
schemes are efficient and practical.
EXISTING SYSTEM:
The existing system is a CL-PRE (Certificateless Proxy Re-Encryption) scheme for
secure data sharing in public cloud environments. Although their scheme is based
on CL-PKC to solve the key escrow problem and certificate management, it relies
on pairing operations. Despite recent advances in implementation techniques, the
computational costs required for pairing are still considerably high compared to the
costs of standard operations such as modular exponentiation in finite fields.
DISADVANTAGES OF EXISTING SYSTEM:
• In addition to the key escrow problem, attribute-based encryption (ABE) has
the revocation problem, as the private keys given to existing users should be
updated whenever a user is revoked.
• Moreover, their scheme only achieves Chosen Plaintext Attack (CPA)
security. As pointed out, CPA security is often not sufficient to guarantee
security in general protocol settings. For example, CPA is not sufficient for
many applications such as encrypted email forwarding and secure data
sharing that require security against Chosen Ciphertext Attack.
PROPOSED SYSTEM:
It is important to notice that if one directly applies our basic mCL-PKE scheme to
cloud computing and if many users are authorized to access the same data, the
encryption costs at the data owner can become quite high. In such case, the data
owner has to encrypt the same data encryption key multiple times, once for each
user, using the users’ public keys. To address this shortcoming, we introduce an
extension of the basic mCL-PKE scheme. Our extended mCL-PKE scheme
requires the data owner to encrypt the data encryption key only once and to
provide some additional information to the cloud so that authorized users can
decrypt the content using their private keys. Our proposed system gives a high-level
view of the extension. The idea is similar to Proxy Re-Encryption (PRE) by
which the data encryption key is encrypted using the data owner’s public key and
later can be decrypted by different private keys after some transformation by the
cloud which acts as the proxy. However, in our extension, the cloud simply acts as
storage and does not perform any transformation. Instead, the user is able to
decrypt using its own private key and an intermediate key issued by the data
owner.
ADVANTAGES OF PROPOSED SYSTEM:
• We present the formal security model and provide the security proof. Since
our mCL-PKE scheme does not depend on the pairing-based operation, it
reduces the computational overhead.
• Unlike conventional approaches, the KGC only needs to be semi-trusted and
can reside in the public cloud, because our mCL-PKE scheme does not
suffer from the key escrow problem.
SYSTEM ARCHITECTURE:
MODULES:
1. The Data Owner Module
2. The User Module
3. Security Mediator (SEM) and Key Generation Center (KGC)
4. The Storage Service
5. Data Retrieval and Decryption
MODULES DESCRIPTION:
The Data Owner:
According to the access control policy, the data owner encrypts a symmetric data
encryption key using the mCL-PKE scheme and encrypts the data items using a
symmetric encryption algorithm. Then, the data owner uploads the encrypted data items
and the encrypted data encryption key to the cloud. The data owner obtains the
KGC-keys of users from the KGC in the cloud. The data owner then symmetrically
encrypts each data item for which the same access control policy applies using a
random session key K and then the data owner encrypts K using the KGC-keys of
users.
The User:
In this module, unlike the CL-PKE scheme, the partial private key is securely
given to the SEM, and the user keeps only the secret value as its own private key in
the mCL-PKE scheme. So, each user’s access request goes through the SEM, which
checks whether the user is revoked before it partially decrypts the encrypted data
using the partial private key. Each user first generates its own private and public
key pair, called SK and PK, using the SetPrivateKey and SetPublicKey operations
respectively of our mCL-PKE scheme. The user then sends its public keys and
its identity (ID) to the KGC in the cloud.
Security Mediator (SEM) and Key Generation Center (KGC):
In this module, the scheme does not suffer from the key escrow problem, because the user’s
own private key is not revealed to any party. It should be noted that neither the
KGC nor the SEM can decrypt the encrypted data for specific users. Moreover,
since each access request is mediated through the SEM, our approach supports
immediate revocation of compromised users. The KGC in turn generates two
partial keys and a public key for the user. One partial key, referred to as SEM-key,
is stored at the SEM in the cloud. The other partial key, referred to as U-key, is
given to the user. The public key, referred to as KGC-key, consists of the user
generated public key as well as the KGC generated public key. The KGC-key is
used to encrypt data. The SEM-key, U-key, and SK are used together to decrypt
encrypted data. We denote the partial private keys and the public key for user i as
SEM-key_i, U-key_i, and KGC-key_i, respectively.
Storage Service:
In this module, in our extension, the cloud simply acts as storage and does not
perform any transformation. Instead, the user is able to decrypt using its own
private key and an intermediate key issued by the data owner.
Data Retrieval and Decryption:
When a user wants to read some data, it sends a request to the SEM to obtain the
partially decrypted data. The SEM first checks if the user is in the access control
list and if the user’s KGC-key encrypted content is available in the cloud storage. If
the verification is successful, the SEM retrieves the encrypted content from the
cloud and partially decrypts the content using the SEM-key for the user. The
partial decryption at the SEM reduces the load on users. The user uses its SK and
U-key to fully decrypt the data. In order to improve the efficiency of the system,
once the initial partial decryption for each user is performed, the SEM stores back
the partially decrypted data in the cloud storage. If a user is revoked, the data
owner updates the access control list at the SEM so that future access requests by
the user are denied. If a new user is added to the system, the data owner encrypts
the data using the public key of the user and uploads the encrypted data along with
the updated access control list to the cloud.
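
The key split and the SEM-mediated retrieval described in the modules above, as an added Python example that is not from the paper or from this project. It is a simplified ElGamal-style stand-in, not the paper's mCL-PKE construction, and has no chosen-ciphertext protection; the toy group parameters, the function names and the SEM class are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy parameters (assumption): Mersenne prime 2^127 - 1, base 3. Not secure.
P, G = 2**127 - 1, 3

def rand_exp():
    return secrets.randbelow(P - 2) + 1

def mask(shared, n):
    # Hash the shared group element into an n-byte pad (n <= 32).
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()[:n]
def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def user_keygen():
    sk = rand_exp()                              # SK never leaves the user
    return sk, pow(G, sk, P)                     # (SK, PK)

def kgc_issue(user_pk):
    sem_key, u_key = rand_exp(), rand_exp()      # the two partial keys
    kgc_pub = pow(G, sem_key + u_key, P)         # KGC-generated public part
    return sem_key, u_key, (user_pk, kgc_pub)    # last item is the KGC-key

def encrypt(kgc_key, session_key):
    user_pk, kgc_pub = kgc_key
    r = rand_exp()
    shared = pow(user_pk * kgc_pub % P, r, P)    # G^(r*(SK+SEM-key+U-key))
    return pow(G, r, P), xor(session_key, mask(shared, len(session_key)))

class SEM:
    def __init__(self):
        self.acl, self.sem_keys = set(), {}
    def partial_decrypt(self, uid, ct):
        if uid not in self.acl:                  # revocation check comes first
            raise PermissionError(f"{uid} is not authorized")
        return pow(ct[0], self.sem_keys[uid], P)

def user_decrypt(sk, u_key, partial, ct):
    c1, c2 = ct
    shared = pow(c1, sk + u_key, P) * partial % P
    return xor(c2, mask(shared, len(c2)))

if __name__ == "__main__":
    sk, pk = user_keygen()
    sem_key, u_key, kgc_key = kgc_issue(pk)
    sem = SEM(); sem.acl.add("alice"); sem.sem_keys["alice"] = sem_key
    ct = encrypt(kgc_key, b"constructed-key!")   # constructed sample session key K
    print(user_decrypt(sk, u_key, sem.partial_decrypt("alice", ct), ct))
```

Removing a user from sem.acl makes every later partial_decrypt call fail, which is the immediate revocation property; the SEM-key alone, or both partial keys without SK, do not yield the session key.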
SYSTEM REQUIREMENTS:
HARDWARE REQUIREMENTS:
• System : Pentium IV 2.4 GHz.
• Hard Disk : 40 GB.
• Floppy Drive : 1.44 Mb.
• Monitor : 15 VGA Colour.
• Mouse : Logitech.
• Ram : 512 Mb.
SOFTWARE REQUIREMENTS:
• Operating system : Windows XP/7.
• Coding Language : JAVA/J2EE
• IDE : Net beans 7.4
• Database : MYSQL
REFERENCE:
Seung-Hyun Seo, Mohamed Nabeel, Member, and Elisa Bertino, Fellow, IEEE, “An Efficient Certificateless Encryption for Secure Data Sharing in Public Clouds,” IEEE TRANSACTIONS ON KNOWLEDGE AND DATA ENGINEERING, VOL. 26, NO. 9, SEPTEMBER 2014.